But three months later, after not hearing from Twitter despite repeated attempts to contact the company, Rudenberg went public with details on the vulnerability, which allows an attacker to break into user accounts via SMS and can be carried out by spoofing the telephone number associated with the SMS account.

"Like email, the originating address of SMS cannot be trusted," Rudenberg said in a blog post describing his discovery.